author | Chocobozzz <florian.bigard@gmail.com> | 2016-08-05 21:41:28 +0200 |
---|---|---|
committer | Chocobozzz <florian.bigard@gmail.com> | 2016-08-05 21:41:28 +0200 |
commit | 58b2ba55a90f05f24661e664b1fb0a3486f037e8 (patch) | |
tree | 1f44b344423667280fca24661918cea8018195f7 /server/middlewares/validators | |
parent | f3391f9237269ed671c23fdbcc9d86dc52134fe5 (diff) | |
Server: do not allow a user to remove a video of another user
Diffstat (limited to 'server/middlewares/validators')
-rw-r--r-- | server/middlewares/validators/videos.js | 1 |
1 files changed, 1 insertions, 0 deletions
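--- a/server/middlewares/validators/videos.js
+++ b/server/middlewares/validators/videos.js
@@ -77,6 +77,7 @@ function videosRemove (req, res, next) {
 
 if (!video) return res.status(404).send('Video not found')
 else if (video.isOwned() === false) return res.status(403).send('Cannot remove video of another pod')
+else if (video.author !== res.locals.oauth.token.user.username) return res.status(403).send('Cannot remove video of another user')
 
 next()
 })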
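Review bot: The ownership check added at new line 80 compares `video.author` with `res.locals.oauth.token.user.username`, so delete authorization is keyed on a username string rather than an immutable account id; if usernames can ever be renamed or re-registered after an account is removed (not visible from this hunk), a different account would pass this check for videos it never uploaded. The expression also dereferences `res.locals.oauth.token.user` without a guard, so it presumably depends on the OAuth authentication middleware running before this validator on every route that uses it; otherwise the request fails with a thrown TypeError instead of a 401. I would document that dependency above the check, e.g. `// requires the OAuth middleware to have populated res.locals.oauth.token.user; ownership is matched by username`, and consider comparing a user id if the video model stores one. videosRemove starts and ends outside the hunk, so the lookup that produces `video` is not visible here.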